%%{init: {
  'theme': 'base',
  'themeVariables': {
    'primaryColor': '#ff9800',
    'primaryTextColor': '#ffffff',
    'primaryBorderColor': '#ffffff',
    'lineColor': '#ffffff',
    'secondaryColor': '#006064',
    'tertiaryColor': '#4caf50'
  }
}}%%
sequenceDiagram
    actor User
    participant Browser
    participant CloudflareAccess as Cloudflare Access
    participant Application
    participant IdentityProvider as Identity Provider
    User->>Browser: Access protected resource
    Browser->>CloudflareAccess: Request access
    CloudflareAccess->>IdentityProvider: Initiate SAML request
    IdentityProvider->>User: Present login page
    User->>IdentityProvider: Enter credentials
    IdentityProvider->>IdentityProvider: Authenticate user
    IdentityProvider->>CloudflareAccess: Send SAML assertion
    Note over CloudflareAccess: Validate SAML assertion
    CloudflareAccess->>CloudflareAccess: Generate JWT
    CloudflareAccess->>Browser: Set JWT in cookie
    Note over Browser: Store JWT
    Browser->>CloudflareAccess: Request resource with JWT
    Note over CloudflareAccess: Validate JWT
    CloudflareAccess->>CloudflareAccess: Apply access policies
    alt Access Granted
        CloudflareAccess->>Application: Forward request
        Application->>CloudflareAccess: Return resource
        CloudflareAccess->>Browser: Return protected resource
        Browser->>User: Display resource
    else Access Denied
        CloudflareAccess->>Browser: Return access denied
        Browser->>User: Show access denied message
    end
    Note over User,IdentityProvider: SAML Authentication
    Note over User,CloudflareAccess: JWT-based Authorization